CVE-2021-34783
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: NVD
Description
A vulnerability in the software-based SSL/TLS message handler of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient validation of SSL/TLS messages when the device performs software-based SSL/TLS decryption. An attacker could exploit this vulnerability by sending a crafted SSL/TLS message to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: Datagram TLS (DTLS) messages cannot be used to exploit this vulnerability.
Affected (25)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| From 9.12.0 to 9.12.4.29 | |
| From 6.4.0 to 6.4.0.13 |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Version 009.016(001.025) |
| Running on/with | Platform Versions |
|---|---|
Cisco Asa 5512 X | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Version 009.016(001.025) |
| Running on/with | Platform Versions |
|---|---|
Cisco Asa 5505 | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Version 009.016(001.025) |
| Running on/with | Platform Versions |
|---|---|
Cisco Asa 5515 X | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Version 009.016(001.025) |
| Running on/with | Platform Versions |
|---|---|
Cisco Asa 5525 X | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Version 009.016(001.025) |
| Running on/with | Platform Versions |
|---|---|
Cisco Asa 5545 X | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| Version 009.016(001.025) |
| Running on/with | Platform Versions |
|---|---|
Cisco Asa 5555 X | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| Version 009.016(001.025) |
| Running on/with | Platform Versions |
|---|---|
Cisco Asa 5580 | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| Version 009.016(001.025) |
| Running on/with | Platform Versions |
|---|---|
Cisco Asa 5585 X | All versions |
Related CWEs
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-20
Improper Input Validation
The product receives input or data, but it does
not validate or incorrectly validates that the input has the
properties that are required to process the data safely and
correctly.
References (2)
Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.